Accessing a SiteMinder-protected site that is integrated with VIP Authentication Hub.
After One Time Password (OTP) at VIP Authentication Hub is done successfully, the user doesn't get to the SiteMinder password change screen.
The SiteMinder side reports SMAUTHREASON=56, which means that the Authentication Chain is processing (1).
example.har
Line 1:
GET https://server.example.com/affwebservices/public/bctokencontroller?X-TRANSACTION-ID=<value>&code=<value>&state=SMSTATEGUID-<value>&session_state=<value> HTTP/1.1
HTTP/1.1 200 OK
Line 2:
GET https://server.example.com/affwebservices/public/bctokencontroller/?X-TRANSACTION-ID=<value>&code=<value>&session_state=<value>&state=<value>-SM-&GUID=<value>&REALMOID=<value>&SMAUTHREASON=56&METHOD=GET&SMAGENTNAME=-SM-<value>&TARGET=-SM-http%3A%2F%2Fapp.example.com%2F%26SMNONCE%3D<value>%26CHALLENGE-METHOD%3DS256 HTTP/1.1
HTTP/1.1 302 Found
Location: http://app.example.com/
The product works as designed, as stated in the documentation.
The Authentication Chain doesn't support password policies, and as such, the behavior is expected (2).
To get the Authentication Chain to support Password Policies, submit an Enhancement Request (Idea) (3).
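To confirm the same condition in a captured HAR file, the following added example (not part of the original article and not vendor code) scans the entries for a request URL carrying SMAUTHREASON and reports the code, the decoded TARGET and the redirect. The sample HAR is constructed with placeholder values, and only the code 56 described above is labelled.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Only the code documented on this page; other values are reported unlabelled.
REASONS = {"56": "Authentication Chain is processing"}

BASE = "https://server.example.com/affwebservices/public/bctokencontroller"
# Constructed HAR 1.2 sample mirroring the two requests above (placeholder values).
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET", "url": BASE + "?X-TRANSACTION-ID=t1&code=c1"
                 "&state=SMSTATEGUID-g1&session_state=s1"},
     "response": {"status": 200, "redirectURL": ""}},
    {"request": {"method": "GET", "url": BASE + "/?X-TRANSACTION-ID=t1&code=c1"
                 "&session_state=s1&state=v1-SM-&GUID=g1&REALMOID=r1"
                 "&SMAUTHREASON=56&METHOD=GET&SMAGENTNAME=-SM-a1"
                 "&TARGET=-SM-http%3A%2F%2Fapp.example.com%2F%26SMNONCE%3Dn1"
                 "%26CHALLENGE-METHOD%3DS256"},
     "response": {"status": 302, "redirectURL": "http://app.example.com/"}},
]}})

def find_authreasons(har_text):
    """Return one finding per HAR entry whose request URL carries SMAUTHREASON."""
    findings = []
    entries = json.loads(har_text)["log"]["entries"]
    for number, entry in enumerate(entries, start=1):
        parts = urlsplit(entry["request"]["url"])
        query = parse_qs(parts.query, keep_blank_values=True)
        if "SMAUTHREASON" not in query:
            continue
        code = query["SMAUTHREASON"][0]
        # In the trace above TARGET carries a -SM- prefix and has SMNONCE and
        # CHALLENGE-METHOD appended after an encoded '&'; keep only the URL.
        target = query.get("TARGET", [""])[0]
        if target.startswith("-SM-"):
            target = target[4:]
        target = target.split("&", 1)[0]
        findings.append({
            "entry": number, "path": parts.path, "code": code,
            "meaning": REASONS.get(code, "not described on this page"),
            "target": target,
            "status": entry["response"]["status"],
            "redirect": entry["response"].get("redirectURL", ""),
        })
    # code, state and session_state values are deliberately left out of the report.
    return findings

if __name__ == "__main__":
    for finding in find_authreasons(SAMPLE_HAR):
        print(finding)
```

A finding with code 56 followed by a 302 straight to the TARGET matches the trace above, where the password change screen is never shown.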